|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Administrator Logon to 1 DC only
Guys,
Situation : 2 DCs in the domain, 1 DC acting as a DC only and holds all FSMO roles. 2nd DC acting as a DC AND serving a 3rd Party Application. Question: Would like to restrict the third party to only be able to logon to the 2nd DC to administer the Application/Reboot the server. Can this be done i.e. esentially giving them like a local admin account like you would on a member server. Thanks much Can't be done.
You could move the app to a member server. hth DDS Show quote "lozza" <lo***@discussions.microsoft.com> wrote in message news:607A30AE-FD44-4EE3-A3B6-854E6D6F2C28@microsoft.com... > Guys, > > Situation : > > 2 DCs in the domain, 1 DC acting as a DC only and holds all FSMO roles. > 2nd > DC acting as a DC AND serving a 3rd Party Application. > > Question: Would like to restrict the third party to only be able to logon > to > the 2nd DC to administer the Application/Reboot the server. Can this be > done > i.e. esentially giving them like a local admin account like you would on a > member server. > > Thanks much > I thought as much, been racking my brain about this for ages. Unforunately no
memeber servers :( Small shop setup... 2 servers... Instead of doing 1 dedicated DC and 1 Dedicated App server, I did 2 DCs for redundancy, and install the app to one... Hey ho.... domain admin they will have to have then... I thought maybe something messy like in the local policy of the other DC specifically deny logon for the 3rd Party Account, could that work? is it possible? Show quote "Danny Sanders" wrote: > Can't be done. > You could move the app to a member server. > > hth > DDS > > "lozza" <lo***@discussions.microsoft.com> wrote in message > news:607A30AE-FD44-4EE3-A3B6-854E6D6F2C28@microsoft.com... > > Guys, > > > > Situation : > > > > 2 DCs in the domain, 1 DC acting as a DC only and holds all FSMO roles. > > 2nd > > DC acting as a DC AND serving a 3rd Party Application. > > > > Question: Would like to restrict the third party to only be able to logon > > to > > the 2nd DC to administer the Application/Reboot the server. Can this be > > done > > i.e. esentially giving them like a local admin account like you would on a > > member server. > > > > Thanks much > > > > > > something messy like in the local policy of the other DC specifically deny Nope, DCs don't have a local policy.> logon for the 3rd Party Account, could that work? is it possible? hth DDS Show quote "lozza" <lo***@discussions.microsoft.com> wrote in message news:2D5E7E1C-3248-43DA-8A83-ED76E9BD6882@microsoft.com... >I thought as much, been racking my brain about this for ages. Unforunately >no > memeber servers :( Small shop setup... 2 servers... Instead of doing 1 > dedicated DC and 1 Dedicated App server, I did 2 DCs for redundancy, and > install the app to one... > > Hey ho.... domain admin they will have to have then... I thought maybe > something messy like in the local policy of the other DC specifically deny > logon for the 3rd Party Account, could that work? is it possible? > > "Danny Sanders" wrote: > >> Can't be done. >> You could move the app to a member server. >> >> hth >> DDS >> >> "lozza" <lo***@discussions.microsoft.com> wrote in message >> news:607A30AE-FD44-4EE3-A3B6-854E6D6F2C28@microsoft.com... >> > Guys, >> > >> > Situation : >> > >> > 2 DCs in the domain, 1 DC acting as a DC only and holds all FSMO roles. >> > 2nd >> > DC acting as a DC AND serving a 3rd Party Application. >> > >> > Question: Would like to restrict the third party to only be able to >> > logon >> > to >> > the 2nd DC to administer the Application/Reboot the server. Can this be >> > done >> > i.e. esentially giving them like a local admin account like you would >> > on a >> > member server. >> > >> > Thanks much >> > >> >> >> Cool... so although gpedit.msc can be fired up on the DC and it says 'Local
Computer Policy' at the root of the tree, any settings made here will be ignored? Cheers Show quote "Danny Sanders" wrote: > > something messy like in the local policy of the other DC specifically deny > > logon for the 3rd Party Account, could that work? is it possible? > > Nope, DCs don't have a local policy. > > hth > DDS > > "lozza" <lo***@discussions.microsoft.com> wrote in message > news:2D5E7E1C-3248-43DA-8A83-ED76E9BD6882@microsoft.com... > >I thought as much, been racking my brain about this for ages. Unforunately > >no > > memeber servers :( Small shop setup... 2 servers... Instead of doing 1 > > dedicated DC and 1 Dedicated App server, I did 2 DCs for redundancy, and > > install the app to one... > > > > Hey ho.... domain admin they will have to have then... I thought maybe > > something messy like in the local policy of the other DC specifically deny > > logon for the 3rd Party Account, could that work? is it possible? > > > > "Danny Sanders" wrote: > > > >> Can't be done. > >> You could move the app to a member server. > >> > >> hth > >> DDS > >> > >> "lozza" <lo***@discussions.microsoft.com> wrote in message > >> news:607A30AE-FD44-4EE3-A3B6-854E6D6F2C28@microsoft.com... > >> > Guys, > >> > > >> > Situation : > >> > > >> > 2 DCs in the domain, 1 DC acting as a DC only and holds all FSMO roles. > >> > 2nd > >> > DC acting as a DC AND serving a 3rd Party Application. > >> > > >> > Question: Would like to restrict the third party to only be able to > >> > logon > >> > to > >> > the 2nd DC to administer the Application/Reboot the server. Can this be > >> > done > >> > i.e. esentially giving them like a local admin account like you would > >> > on a > >> > member server. > >> > > >> > Thanks much > >> > > >> > >> > >> > > >  |
|||||||||||||||||||||||
Other interesting topics